xevion/dynamic-preauth
1
0
Fork 0
mirror of https://github.com/Xevion/dynamic-preauth.git synced 2025-12-06 01:14:55 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix cookie path, fix get_session_id not using depot over existing invalid cookie, add more tracing

Browse Source
This commit is contained in:
Xevion
2024-12-23 17:41:12 -06:00
parent d15fad4685
commit ef679d2159
2 changed files with 27 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/main.rs
View File

@@ -33,13 +33,21 @@ async fn session_middleware(req: &mut Request, res: &mut Response, depot: &mut D
Ok(session_id) => { Ok(session_id) => {
let mut store = STORE.lock().await; let mut store = STORE.lock().await;
if !store.sessions.contains_key(&session_id) { if !store.sessions.contains_key(&session_id) {
tracing::debug!("Session provided in cookie, but does not exist"); let new_session_id = store.new_session(res).await;
let id = store.new_session(res).await; depot.insert("session_id", new_session_id);
depot.insert("session_id", id); tracing::debug!(
existing_session_id = session_id,
new_session_id = new_session_id,
"Session provided in cookie, but does not exist"
);
} }
} }
Err(_) => { Err(parse_error) => {
tracing::debug!("Session provided in cookie, but is not a valid number"); tracing::debug!(
invalid_session_id = cookie.value(),
error = ?parse_error,
"Session provided in cookie, but is not a valid number"
);
let mut store = STORE.lock().await; let mut store = STORE.lock().await;
let id = store.new_session(res).await; let id = store.new_session(res).await;
@@ -157,6 +165,7 @@ pub async fn download(req: &mut Request, res: &mut Response, depot: &mut Depot)
// Create a download for the session // Create a download for the session
let session_download = session.add_download(executable); let session_download = session.add_download(executable);
tracing::info!(session_id, type = download_id, dl_token = session_download.token, "Download created");
let data = executable.with_key(session_id.to_string().as_bytes()); let data = executable.with_key(session_id.to_string().as_bytes());
if let Err(e) = res.write_body(data) { if let Err(e) = res.write_body(data) {
@@ -198,17 +207,22 @@ pub async fn get_session(req: &mut Request, res: &mut Response, depot: &mut Depo
} }
} }
// Acquires the session id from the request, preferring the request Cookie // Acquires the session id from the request, preferring the depot
fn get_session_id(req: &Request, depot: &Depot) -> Option<usize> { fn get_session_id(req: &Request, depot: &Depot) -> Option<usize> {
if depot.contains_key("session_id") {
return Some(*depot.get::<usize>("session_id").unwrap());
}
// Otherwise, just use whatever the Cookie might have
match req.cookie("Session") { match req.cookie("Session") {
Some(cookie) => match cookie.value().parse::<usize>() { Some(cookie) => match cookie.value().parse::<usize>() {
Ok(id) => Some(id), Ok(id) => Some(id),
_ => None, _ => None,
}, },
None => match depot.get::<usize>("session_id") { None => {
Ok(id) => Some(*id), tracing::warn!("Session was not provided in cookie or depot");
_ => None, None
}, }
} }
} }

3
src/models.rs
View File

@@ -118,6 +118,9 @@ impl<'a> State<'a> {
res.add_cookie( res.add_cookie(
Cookie::build(("Session", id.to_string())) Cookie::build(("Session", id.to_string()))
.http_only(true)
.path("/")
.same_site(salvo::http::cookie::SameSite::Lax)
.permanent() .permanent()
.build(), .build(),
); );